Create a MVP for solution 3 in the epic description:

The MCD update, MCD verification, MCD config drift monitor all ignore the kubelet-ca cert file. The MCD gets a new routine to update the file, reading from a configmap the MCC manages. The MCC still renders the cert but the cert will be updated even if the pool is paused

The Machine-Config rendering path would stay the same, as well as updating the node, but:

1. the MCC gets additional logic to create a configmap in the MCO namespace, which it puts the necessary certs in
2. the MCD gains the ability and RBAC permissions to read said configmap and render it into a file, doing so via a separate path. This can be part of the regular daemon sync as a first step, but should be a separate routine with a watcher on that configmap
3. the MCD gains a list of paths to become unmanaged, meaning that despite it being in the rendered config, it does not: write the file, validate the file during upgrades, or watch the file in the config drift monitor
4. the alert for paused pools can also be removed